What are the current standards and protocols for 3G cryptography and key management?

1 3G Security Architecture

3G networks follow a security architecture defined by the 3rd Generation Partnership Project (3GPP), a collaboration of telecom standards bodies. The architecture consists of four main domains: the user equipment (UE), the radio access network (RAN), the core network (CN), and the inter-operator network (ION). Each domain has its own security features and mechanisms, such as encryption, authentication, integrity protection, and key distribution.

2 3G Cryptographic Algorithms

3G networks use a set of cryptographic algorithms specified by the 3GPP to provide confidentiality, integrity, and authentication services. These algorithms are based on symmetric-key cryptography, meaning the same secret key is used by both parties to encrypt and decrypt messages. KASUMI is a block cipher used for both voice and data encryption in 3G networks, encrypting and decrypting 64-bit data blocks with a 128-bit key. SNOW 3G is a stream cipher used for both voice and data encryption in HSPA-supported 3G networks, encrypting and decrypting data streams of arbitrary length with a 128-bit key and initialization vector. AES is an optional algorithm for data encryption in HSPA+-supported 3G networks, encrypting and decrypting 128-bit data blocks with a 128-bit key. MILENAGE and TUAK are sets of functions used for authentication and integrity protection in 3G networks, generating authentication and integrity keys and vectors from a 128-bit master key.

3 3G Key Management

3G networks employ a hierarchical key management scheme for deriving and distributing keys among the different domains and entities. This scheme is based on the principles of storing a unique and secret 128-bit master key, called the individual subscriber authentication key (Ki), and a unique and public 128-bit identifier, known as the international mobile subscriber identity (IMSI). The Ki and the IMSI are used to generate a 128-bit session key, called the ciphering key (CK), and a 128-bit session key, called the integrity key (IK), with the help of MILENAGE or TUAK functions. Further, these CK and IK are utilized to derive a 64-bit session key, called the ciphering key for user plane (CK_U), and a 64-bit session key, referred to as the integrity key for user plane (IK_U), through an XOR operation. The CK_U and IK_U are then used to encrypt and protect data and voice traffic between the UE and RAN, using KASUMI, SNOW 3G, or AES algorithms. Additionally, CK and IK are utilized to derive another 64-bit session key, known as the ciphering key for control plane (CK_C), along with another 64-bit session key, named as the integrity key for control plane (IK_C). These CK_C and IK_C are employed to encrypt signaling messages between UE and CN using KASUMI or SNOW 3G algorithms. Moreover, CK_C and IK_C are utilized to derive yet another 64-bit session key - inter-operator key (IK_OP) - through an XOR operation. This IK_OP is used to secure signaling messages between CN and ION with KASUMI or SNOW 3G algorithms.

4 3G Security Procedures

3G networks employ several security procedures to establish and update the keys and the security context between the UE and the network. These include Authentication and Key Agreement (AKA) - a challenge-response protocol that verifies the identity of both parties, Security Mode Command (SMC) - a protocol that negotiates the security algorithms and parameters, Security Mode Complete (SMC) - a protocol that confirms the successful completion of SMC, Ciphering Start (CS) - a protocol that activates data and voice encryption, Ciphering Stop (CS) - a protocol that deactivates data and voice encryption, Integrity Start (IS) - a protocol that activates integrity protection of signaling messages, and Integrity Stop (IS) - a protocol that deactivates integrity protection of signaling messages. These procedures are triggered when the UE registers to the network or when the network requests it. Additionally, they are activated when the UE detaches from the network or when the network requests it.

5 3G Security Challenges

3G networks offer improved security compared to earlier generations, but they are still vulnerable to attacks and vulnerabilities. Key reuse, leakage, and distribution can expose traffic to replay or decryption attacks, eavesdropping or tampering attacks, and interception or modification attacks, respectively. Additionally, the cryptographic algorithms used in 3G networks, such as KASUMI or MILENAGE, may have flaws or limitations that make them vulnerable to cryptanalysis or brute force attacks. Furthermore, the security procedures used in 3G networks, such as SMC or CS, may have errors or loopholes that make them susceptible to bypassing or spoofing attacks.

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?